| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users. |
| NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. |
| NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. |
| NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. |
| NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter. |
| NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. |
| NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. |
| Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113. |
| A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113. |
| Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113. |
| Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service.
*Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. |
| When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. |
| A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. |
| An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. |
| In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. |
| Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. |
| SAP Business Client, versions 6.5, 7.0, does not perform necessary integrity checks which could be exploited by an attacker under certain conditions to modify the installer. |
| SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. |
| When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the corresponding backend for which the credentials are valid. |
